pwnflow  by rb-x

Security methodology tracking platform

Created 1 year ago
254 stars

Top 99.1% on SourcePulse

Project Summary

Pwnflow is a mind-mapping platform for cybersecurity professionals to visualize, track, and share security testing methodologies. It addresses the need for organized, controllable, and shareable documentation of complex assessment workflows. The platform offers an intuitive visual interface, AI-powered assistance, and a self-hosted option, ensuring users maintain complete control over sensitive data.

How It Works

It employs a React 19 frontend and a Python 3.12 FastAPI backend, utilizing Neo4j for graph data and Redis for caching. The core approach is an interactive, node-based mind-mapping interface for constructing security testing workflows, augmented by AI for node suggestions. Its novelty lies in its strong emphasis on privacy through self-hosting and AES-256-GCM encrypted exports.

Quick Start & Requirements

Recommended setup uses Docker Compose: clone the repo, chmod +x run.sh, then ./run.sh dev. Prerequisites include Docker, Docker Compose, Node.js 18+ with pnpm, and Python 3.12+. AI features require a Gemini API Key in the .env file. Services are accessible at http://localhost:5173 (Frontend) and http://localhost:8000 (Backend API), with API docs at http://localhost:8000/docs.

Highlighted Details

  • Interactive Mind Maps: Visual interface for complex security testing workflows.
  • AI-Powered Assistance: Generates node suggestions and expands methodologies.
  • Command Templates: Reusable CLI commands with variable substitution.
  • Self-Hosted Option: Ensures complete control and privacy over sensitive data.
  • Encrypted Exports: AES-256-GCM encryption for secure sharing.
  • Privacy-First AI: Processes only non-sensitive data (node titles/descriptions).

Maintenance & Community

Maintained by Riadh BOUCHAHOUA (rb-x) and Ludovic COULON (LasCC). Legacy links are provided, but active community channels are not explicitly mentioned.

Licensing & Compatibility

The project's license is not explicitly stated in the README, a significant omission for adopters. Compatibility is geared towards security professionals requiring self-hosted solutions.

Limitations & Caveats

Documentation is currently being updated. The project strongly advises against exposing Pwnflow to the internet without robust security measures. User registration is disabled by default in production, so accounts must be created manually via the CLI.

Health Check

  • Last Commit: 2 months ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 8 stars in the last 30 days
